1. Field of the Invention
The present invention relates to a verification apparatus and a program for use in a biometric authentication system, and it relates to, e.g., a verification apparatus and a program that can verify the validity of apparatus evaluating information included in a template or an authentication context utilized for authentication.
2. Description of the Related Art
When realizing communication or services through a network, an authentication technology for authenticating the other party is important. In the authentication technology, with the spread of recent open network environments and development of federation technologies of dispersed service resources, authentication targets are expanding from users to device terminals.
Usually, as part of the authentication technology, rigorously identifying or collating an authentication target is requested. When the authentication target is a person, a principal confirmation technology for rigorously confirming whether this person is a principal is required.
As a promising principal confirmation technology, there is biometrics. Biometrics is a technology for collating biometric information read from each person with previously registered biometric information (a template) to confirm whether that person is a principal based on the similarity. Biometric information is information indicative of physical/behavioral features or characteristics peculiar to each person, and fingerprints, irises, retinas, faces, voice, key strokes, signatures, or other characteristics are utilized.
Biometrics utilizes biometric information, which cannot be lost of forgotten, differing from existing authentication methods such as passwords, whereby a burden on users can be reduced. Further, as copying biometric information is difficult, biometrics is effective for, e.g., measures which prevent imitation of users.
Currently, biometrics is used for principal authentication adopting a specific apparatus, e.g., user authentication at the time of entering or exiting a specific room or authentication of depositors at ATMs of banks.
Biometrics is not restricted to these examples, and expectations for using biometrics for, e.g., authentication of other parties in electronic business transactions in an open network typified by the Internet are increasing.
When utilizing biometrics through a network, however, there is an inconvenience that a verifier cannot verify whether processing, such as acquisition or collation of biometric information executed on an authentication target side, has been really executed in an appropriate environment. Here, the “environment” means an apparatus that executes the processing, e.g., acquisition or collation of biometric information or information utilized for biometric collation (e.g., biometric reference information (a template)). The “appropriate environment” means that an apparatus or information is not falsified or that unauthorized information is not used.
Furthermore, it is often the case that biometrics processing is constituted of a plurality of processes (constituent processes) and the respective constituent processes are assigned to and arranged in a plurality of apparatuses to be executed. This also makes verification of the appropriate environment difficult.
Here, the constituent process means each process such as storage of a template, acquisition of biometric information, signal processing for the acquired biometric information, collation processing for the biometric information subjected to the signal processing and a template, judgment processing for judging a principal based on a result (e.g., similarity) of the collation processing, or other process.
Each constituent process can be arranged in many ways. As respective arrangement examples, there are an STOC (STore On Card) model, an MOC (Match on Card) model, an SOC (System on Card) model, a multi-modal model, and a server collation model.
In the STOC (STore On Card) model, templates are stored on an IC card, a template meeting a request is output, biometric information is acquired in a biometrics apparatus, and signal processing, collation processing, and judgment processing are executed. In the MOC (Match on Card) model, acquisition of biometric information and signal processing for this information are executed in a biometrics apparatus, and storage of templates, collation processing, and judgment processing are executed on an IC card. In the SOC (System on Card) model, all constituent processes are executed on an IC card. The multi-modal model is biometrics using a plurality of biometric characteristics (e.g., a fingerprint and a face) and has a more complicated arrangement. For example, in the multi-modal model, acquisition of biometric information of each of a fingerprint and a face and signal processing are executed in a fingerprint sensor apparatus and a camera apparatus, templates of the fingerprint and the face are stored on an IC card, and collation processing for each of the fingerprint and the face and judgment processing merging respective collation results are executed in a collation apparatus. In the server collation model, templates are stored on an IC card, a template meeting a request is output, acquisition of biometric information and signal processing for this information are executed in a biometrics apparatus, the template and the biometric information subjected to the signal processing are transmitted to a server, collation processing and judgment processing are executed in the server.
As explained above, each constituent process in the biometrics processing is arranged and executed in each of various apparatuses on an authentication target side. Therefore, it is difficult for the verifier side to verify whether each constituent process has been executed in a really appropriate environment.
Here, as a technology that can solve this inconvenience, there is known an authentication system using biometrics-oriented authentication contexts (which will be referred to as biometric contexts hereinafter) (e.g., see JP-A 2006-11768 (KOKAI) and Koji Okada, Tatsuro Ikeda, Hidehisa Takamizawa, Toshiaki Saisho, Extensible Personal Authentication Framework using Biometrics and PKI, Pre-Proceedings of The 3rd International workshop for Applied PKI (IWAP2004), pp. 96-107).
Biometric context technology is a technology in which an entity apparatus which executes each constituent process in biometrics processing guarantees and reports its execution result, whereby the verifier side can verify the integrity of an execution result of each constituent process. Here, the entity apparatus means an entity that executes each constituent process in biometrics processing, such as a biometric information sensor apparatus, biometric collation apparatus, or an IC card that stores templates.
Specifically, each entity apparatus outputs a biometric authentication context including an execution result of an executed constituent process and an authenticator generated from the execution result by using key information. A verifier can verify the integrity of the execution result by verifying the authenticator in the biometric context.